This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP WSFuzzer Project"
(→Features) |
(→Features) |
||
| Line 14: | Line 14: | ||
‡ Pen tests an HTTP SOAP web service based on either valid WSDL or a valid endpoint & namespace.<br> | ‡ Pen tests an HTTP SOAP web service based on either valid WSDL or a valid endpoint & namespace.<br> | ||
| − | ‡ It can try to intelligently detect WSDL for a given target. | + | ‡ It can try to intelligently detect WSDL for a given target.<br> |
| − | ‡ Includes a simple TCP port scanner. | + | ‡ Includes a simple TCP port scanner.<br> |
| − | ‡ WSFuzzer has the ability to handle methods with multiple parameters. Each parameter is either handled as a unique entity, and can either be attacked or left alone, or multiple parameters are attacked simultaneously with a given data set. | + | ‡ WSFuzzer has the ability to handle methods with multiple parameters. Each parameter is either handled as a unique entity, and can either be attacked or left alone, or multiple parameters are attacked simultaneously with a given data set.<br> |
| − | ‡ The fuzz generation (attack strings) consists of a combination of a dictionary file, some optional dynamic large injection patterns, and some optional method specific attacks including automated XXE and WSSE attack generation. | + | ‡ The fuzz generation (attack strings) consists of a combination of a dictionary file, some optional dynamic large injection patterns, and some optional method specific attacks including automated XXE and WSSE attack generation.<br> |
| − | ‡ The tool also provides the option of using some IDS Evasion techniques which makes for a powerful security infrastructure (IDS/IPS) testing experience. | + | ‡ The tool also provides the option of using some IDS Evasion techniques which makes for a powerful security infrastructure (IDS/IPS) testing experience.<br> |
== Future Development == | == Future Development == | ||
Revision as of 00:09, 25 October 2006
Overview
TBD
Goals
TBD
Download
TBD
Features
‡ Pen tests an HTTP SOAP web service based on either valid WSDL or a valid endpoint & namespace.
‡ It can try to intelligently detect WSDL for a given target.
‡ Includes a simple TCP port scanner.
‡ WSFuzzer has the ability to handle methods with multiple parameters. Each parameter is either handled as a unique entity, and can either be attacked or left alone, or multiple parameters are attacked simultaneously with a given data set.
‡ The fuzz generation (attack strings) consists of a combination of a dictionary file, some optional dynamic large injection patterns, and some optional method specific attacks including automated XXE and WSSE attack generation.
‡ The tool also provides the option of using some IDS Evasion techniques which makes for a powerful security infrastructure (IDS/IPS) testing experience.
Future Development
TBD
News
OWASP WSFuzzer Project Created! - 10:36, 23 October 2006 (EDT)
The Open Web Application Security Project is proud to announce the creation of the OWASP WSFuzzer Project!
Feedback and Participation
We hope you find the OWASP WSFuzzer Project useful. Please contribute to the Project by volunteering for one of the Tasks, sending your comments, questions, and suggestions to [email protected]. To join the OWASP WSFuzzer Project mailing list or view the archives, please visit the subscription page.
Project Contributors
WSFuzzer is managed by Andres Andreu <andres [at] neurofuzz dot com>
Project Sponsors
TBD
This category currently contains no pages or media.
